summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/ldap_child.c
Commit message (Collapse)AuthorAgeFilesLines
* KRB5: Return error when principal selection failsJakub Hrozek2012-11-051-1/+4
| | | | | | | The ldap_child would return a NULL ccache but the error code would still indicate success. https://fedorahosted.org/sssd/ticket/1594
* Only call krb5_set_trace_callback on platforms that support itJakub Hrozek2012-10-121-1/+1
|
* Collect krb5 trace on high debug levelsJakub Hrozek2012-10-121-0/+24
| | | | | | | If the debug level contains SSSDBG_TRACE_ALL, then the logs would also include tracing information from libkrb5. https://fedorahosted.org/sssd/ticket/1539
* Two fixes to child processesJakub Hrozek2012-10-121-4/+5
| | | | | | | | There was an unused structure member in the krb5_child. Declaration of __krb5_error_msg was shadowing the same variable from sss_krb5.h which is not nice. Also we might actually use the error context directly instead of passing it as parameter.
* Add more debuginfo into ldap_childOndrej Kos2012-09-201-23/+36
| | | | | | | https://fedorahosted.org/sssd/ticket/1225 krb5_child already updated before. Adding more debuginfo into ldap_child. Also old debug levels rewritten into new macros.
* Revert commit 4c157ecedd52602f75574605ef48d0c48e9bfbe8Stef Walter2012-07-061-15/+0
| | | | | | | | * This broke corner cases when used with default_tkt_types = des-cbc-crc and DES enabled on an AD domain. * This is fixed in kerberos instead, in a more correct way and in a way which we cannot replicate.
* LDAP: Fix missing variable in debug messageStephen Gallagher2012-06-151-1/+1
|
* Provide more debugging in krb5_child and ldap_childJakub Hrozek2012-06-141-1/+8
| | | | https://fedorahosted.org/sssd/ticket/1225
* added DEBUG messages to krb5_child and ldap_childNick Guay2012-05-311-0/+7
|
* Limit krb5_get_init_creds_keytab() to etypes in keytabStef Walter2012-05-071-0/+15
| | | | | | | | | * Load the enctypes for the keys in the keytab and pass them to krb5_get_init_creds_keytab(). * This fixes the problem where the server offers a enctype that krb5 supports, but we don't have a key for in the keytab. https://bugzilla.redhat.com/show_bug.cgi?id=811375
* If canon'ing principals, write ccache with updated default principalStef Walter2012-05-041-1/+2
| | | | | | | | | | | * When calling krb5_get_init_creds_keytab() with krb5_get_init_creds_opt_set_canonicalize() the credential principal can get updated. * Create the cache file with the correct default credential. * LDAP GSSAPI SASL would fail due to the mismatched credentials before this patch. https://bugzilla.redhat.com/show_bug.cgi?id=811518
* Convert read and write operations to sss_atomic_readJakub Hrozek2012-04-201-32/+21
| | | | https://fedorahosted.org/sssd/ticket/1209
* Clean up log messages about keytab_nameStephen Gallagher2012-04-051-7/+12
| | | | | | | | | There were many places where we were printing (null) to the logs because a NULL keytab name tells libkrb5 to use its configured default instead of a particular path. This patch should clean up all uses of this to print "default" in the logs. https://fedorahosted.org/sssd/ticket/1288
* krb5_child: set debugging soonerJakub Hrozek2012-03-061-11/+17
|
* KRB5: Add syslog messages for Kerberos failuresStephen Gallagher2012-01-311-0/+8
| | | | https://fedorahosted.org/sssd/ticket/1137
* Add compatibility layer for Heimdal Kerberos implementationStephen Gallagher2011-12-221-0/+5
|
* Move child_common routines to utilStephen Gallagher2011-12-191-1/+1
|
* Support to request canonicalization in LDAP/IPA providerJan Zeleny2011-11-021-0/+8
| | | | https://fedorahosted.org/sssd/ticket/957
* DEBUG timestamps offer higher precisionPavel Březina2011-09-081-0/+2
| | | | | | | https://fedorahosted.org/sssd/ticket/956 Added: --debug-microseconds=0/1 Added: debug_microseconds to sssd.conf
* New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0Pavel Březina2011-08-251-1/+4
| | | | | | | | | | | | | | | | | | | | | Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
* New DEBUG facility - conversionPavel Březina2011-08-251-0/+2
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
* Modify principal selection for keytab authenticationJan Zeleny2011-04-251-2/+3
| | | | | | | | | | | | | | | | Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
* Make ldap_child report kerberos return code to parentJakub Hrozek2010-10-131-4/+9
|
* Report Kerberos error code from ldap_child_get_tgt_syncJakub Hrozek2010-10-131-23/+16
|
* Validate keytab at startupJakub Hrozek2010-08-031-48/+3
| | | | | | | | In addition to validating the keytab everytime a TGT is requested, we also validate the keytab on back end startup to give early warning that the keytab is not usable. Fixes: #556
* Fix getting default realm in the ldap childJakub Hrozek2010-08-031-1/+10
|
* Add syslog messages for LDAP GSSAPI bindStephen Gallagher2010-07-091-2/+58
| | | | | We will now emit a level 0 debug message on keytab errors, and also write to the syslog (LOG_DAEMON)
* GSSAPI ticket expiry time is returned from ldap_child and stored in ↵eindenbom2010-07-091-7/+28
| | | | sdap_handle for future reference.
* Add ldap_krb5_ticket_lifetime optionSumit Bose2010-05-161-3/+8
|
* Allow arbitrary-length PAM messagesStephen Gallagher2010-03-251-6/+6
| | | | | | | | | The PAM standard allows for messages of any length to be returned to the client. We were discarding all messages of length greater than 255. This patch dynamically allocates the message buffers so we can pass the complete message. This resolves https://fedorahosted.org/sssd/ticket/432
* Improve safe alignment buffer handling macrosSimo Sorce2010-03-031-7/+7
| | | | | | | | | Make the counter optional so that alignment safe macros can be used also where there is no counter to update. Change arguments names so that they are not deceiving (ptr normlly identify a pointer) Turn the memcpy substitute into an inline function so that passing a pointer to rp and checking for it doesn't make the compiler spit lots of warnings.
* Rename server/ directory to src/Stephen Gallagher2010-02-181-0/+429
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-05-11 19:36:24 +0000